Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Cross-site scripting (XSS) vulnerability in getID3 and allows remote attackers to inject arbitrary web script or HTML via the showtagfiles parameter.
Advisories for Composer/James-Heinrich/Getid3 package
2021
2014
Potential XXE security issue
getID3() allows remote attackers to read arbitrary files, cause a denial of service, or possibly have other impact via an XML External Entity (XXE) attack.